RE: analysis: multicast-helper map and directed broadcast

From: Popgeorgiev Nikolay (nikolay.popgeorgiev@siemens.com)
Date: Thu Jun 15 2006 - 09:34:22 ART


Thanks man,

I am of the same opinion... but I am clearing up some final things. My date is in two weeks and I am already stressed :)

Best,
Nick

-----Original Message-----
From: Pierre-Alex [mailto:paguanel@hotmail.com]
Sent: Thursday, June 15, 2006 3:05 PM
To: Popgeorgiev Nikolay; Petr Lapukhov
Cc: ccielab@groupstudy.com
Subject: Re: analysis: multicast-helper map and directed broadcast

Nick,

The command "ip forward-protocol udp XXX" is only needed on the first-hop
router.

This command tells the router which udp broadcasts to process.

If it is not a udp broadcast, and it is not in the list of "forward
protocols", the router won't look at it ...

If you look at my configs you will see that I did not put the command on the
last hop and it did work. :)

Pierre-Alex

----- Original Message -----
From: "Popgeorgiev Nikolay" <nikolay.popgeorgiev@siemens.com>
To: "Petr Lapukhov" <petrsoft@gmail.com>; "Pierre-Alex"
<paguanel@hotmail.com>
Cc: <ccielab@groupstudy.com>
Sent: Thursday, June 15, 2006 1:12 PM
Subject: RE: analysis: multicast-helper map and directed broadcast

> Guys,
>
> Also something else to question here regarding this topic. Where is the
> command ip forward-protocol udp XXX actually needed if you are transferring
> some udp traffic - on the first hop router, on the end router or on both?
>
> I think it should be done on the place where the broadcast is converted to
> multicast - you actually allow the router to do this.
>
> Can you confirm, please?
>
> Thanks !
>
> Nick
>
>
>
>
> -----Original Message-----
> From: Petr Lapukhov [mailto:petrsoft@gmail.com]
> Sent: Thursday, June 15, 2006 1:58 PM
> To: Pierre-Alex
> Cc: ccielab@groupstudy.com
> Subject: Re: analysis: multicast-helper map and directed broadcast
>
> Pierre,
>
> Usually "multicast-helper" is used with pim-dense mode, so no need
> to register source here. I actually tried to test it with sparse mode,
> had no luck, and dropped my attempts due to the lack of time ;))
>
> Next, if you don't put "ip directed-broadcast"
> and "ip broadcast-address" the router will simply send packets
> to address 255.255.255.255, AFAIR. If you need some specific
> broadcast address, you should configure it.
>
> HTH
> Petr
>
> 2006/6/15, Pierre-Alex <paguanel@hotmail.com>:
>>
>> In the Cisco documentation, on the interface of the last hop router a
>> "directed broadcast" statement is configured.
>>
>>
>> http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/himc_r/mlt_i1h.htm#wp1075964
>>
>> I have labbed the example WITHOUT this command and the conversion worked
>> properly: my last hop router is sending broadcast.
>>
>> Also I have not enabled pim on the outgoing interface of the last hop
>> router as in the example, and it is working too.
>>
>> The way I explain these results is as follows:
>>
>> 1. "By default, IP directed broadcasts are dropped; they are not forwarded.
>> By dropping IP directed broadcasts, routers are less susceptible to
>> denial-of-service attacks."
>>
>> http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1_c/1cprt2/1cipadr.htm#wp4443
>>
>> In this case, the router is not receiving directed broadcast. It is
>> receiving a multicast flow from its upstream neighbor, so there is no
>> issue of directed broadcast.
>>
>> 2. When the router transforms the multicast flow it first creates a flow
>> to the directed broadcast address. Since the flow was originated INTERNALLY
>> (by no interface whatsoever), there is no issue of "forwarding a directed
>> broadcast" and therefore no restriction on converting this flow to
>> broadcast. So the router broadcasts its self-created directed broadcast.
>>
>>
>> 3. Regarding enabling multicast on the source I suspect this is necessary
>> so that the first-hop router can create the (S,G) entry, as if an actual
>> registration had occurred. But on the destination I believe it is not
>> necessary, since the whole purpose is to direct traffic to users who are
>> not multicast able.
>>
>> On first-hop router
>>
>> (*, 225.1.1.1), 01:29:02/stopped, RP 150.1.2.2, flags: S
>> Incoming interface: Null, RPF nbr 0.0.0.0
>> Outgoing interface list:
>> Serial0/1, Forward/Sparse, 01:29:02/00:03:18
>>
>> (10.1.2.200, 225.1.1.1), 01:12:28/00:03:29, flags: T
>> Incoming interface: FastEthernet0/0, RPF nbr 0.0.0.0
>> Outgoing interface list:
>> Serial0/1, Forward/Sparse, 01:12:28/00:03:18
>>
>>
>> I would appreciate some feedback / comment on my analysis. Working
>> configurations below.
>>
>> Thank You,
>>
>> Pierre-Alex
>>
>> ----------------
>> Diagram:
>> -----------------
>>
>> Server(source)--F0/0--R2----multicast----r3-e0/0--R4(Receiver)
>> The source 10.1.2.200 is sending udp broadcast on dest port 65300
>>
>> -----
>> Configs
>> -------
>>
>> !r2
>>
>>
>> interface FastEthernet0/0
>> ip address 10.1.2.2 255.255.255.0
>> ip pim sparse-mode ! REQUIRED
>> ip multicast helper-map broadcast 225.1.1.1 100 ! REQUIRED: for conversion of broadcast
>> duplex auto
>> speed auto
>>
>> access-list 100 permit udp any any eq 65300
>>
>>
>> ip forward-protocol udp 65300
>> ! REQUIRED: Allows the processing of incoming udp broadcast packets
>>
>>
>> ! r3
>>
>>
>> interface Ethernet0/0
>> ip address dhcp
>> ip multicast helper-map 225.5.5.5 192.168.108.255 100
>> ! I HAVE NOT ENABLED PIM ON THIS INTERFACE
>>
>>
>> R3#sh ip int e 0/0
>> Ethernet0/0 is up, line protocol is up
>> Internet address is 192.168.108.203/24
>> Broadcast address is 255.255.255.255
>> Address determined by DHCP
>> MTU is 1500 bytes
>> Helper address is not set
>> Directed broadcast forwarding is disabled !-----> I HAVE NOT ENABLED DIRECTED BROADCASTS
>> Multicast reserved groups joined: 224.0.0.1 224.0.0.2 224.0.0.22
>>
>>
>> ! r4 (receiver)
>>
>>
>> interface Ethernet0/0
>> ip address dhcp
>> ip access-group 100 in
>> half-duplex
>>
>> access-list 100 permit udp any any eq 65300
>> access-list 100 permit ip any any
>>
>> Extended IP access list 100
>> 10 permit udp any any eq 65300 (251180 matches) !!! RECEIVER IS GETTING THE TRAFFIC
>> 20 permit ip any any (48 matches)
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
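
Added example (not part of the original thread and not the posters' or Cisco's code): a small Python audit of IOS-style config text for the settings discussed above, reporting each helper-map conversion with its ACL, a broadcast-to-multicast map with no explicit "ip forward-protocol udp" port, and interfaces that forward directed broadcasts with or without an ACL. The sample configs are constructed; R2 mirrors the first-hop config quoted in the thread, while Ethernet0/1, Ethernet0/2 and ACL 110 in EDGE are hypothetical.

```python
import re

# Constructed samples. R2 mirrors the first-hop config quoted in the thread.
# EDGE is hypothetical: the thread's last-hop helper-map line plus two
# invented interfaces (Ethernet0/1, Ethernet0/2) and an invented ACL 110.
R2 = """\
interface FastEthernet0/0
 ip pim sparse-mode
 ip multicast helper-map broadcast 225.1.1.1 100
access-list 100 permit udp any any eq 65300
ip forward-protocol udp 65300
"""
EDGE = """\
interface Ethernet0/0
 ip multicast helper-map 225.5.5.5 192.168.108.255 100
interface Ethernet0/1
 ip directed-broadcast
interface Ethernet0/2
 ip directed-broadcast 110
access-list 110 permit udp any any eq 65300
"""

def audit(config):
    """Return (interface, finding) pairs for broadcast-related settings."""
    out, iface = [], None
    acls = set(re.findall(r"^access-list (\d+) ", config, re.M))
    fwd_ports = re.findall(r"^ip forward-protocol udp (\d+)", config, re.M)
    for raw in config.splitlines():
        s = raw.strip()
        if raw.startswith("interface "):
            iface = s.split()[1]
        elif m := re.match(r"ip multicast helper-map (\S+) (\S+) (\d+)$", s):
            src, dst, acl = m.groups()
            kind = "bcast->mcast" if src == "broadcast" else "mcast->bcast"
            out.append((iface, f"{kind} {dst} acl {acl}"))
            if acl not in acls:
                out.append((iface, f"acl {acl} not defined"))
            # Per the thread, the first-hop (broadcast-receiving) router
            # needs the UDP port listed under ip forward-protocol.
            if src == "broadcast" and not fwd_ports:
                out.append((iface, "no explicit ip forward-protocol udp port"))
        elif m := re.match(r"ip directed-broadcast(?: (\d+))?$", s):
            # "no ip directed-broadcast" does not match: it starts with "no".
            acl = m.group(1)
            out.append((iface, f"directed-broadcast acl {acl}" if acl
                        else "directed-broadcast unfiltered"))
    return out
```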



This archive was generated by hypermail 2.1.4 : Sat Jul 01 2006 - 07:57:32 ART